Silicon Labs documentation on Wireshark version 1.0.0.

Documentation source: https://docs.silabs.com/wireshark/1.0.0

# Wireshark

## Wireshark for Silicon Labs Hardware

### Introduction

Wireshark is a widely used, open-source network protocol analyzer that allows developers to capture and inspect network traffic in real time or from previously recorded sessions. Through integration with Simplicity Device Manager (SDM), Silicon Labs provides seamless support for capturing and analyzing network traffic from supported hardware.

### What This Guide Covers

This comprehensive setup guide provides:

- Official support and setup instructions for Wireshark with SDM
- Step-by-step configuration for launching SDM as an external capture interface
- Methods to capture, view, and analyze traffic from Silicon Labs adapters
- **Supported protocols:** Wi-SUN, Zigbee, and Thread

## Wireshark for Silicon Labs Hardware Version 1.0.0 (October 16, 2025) Release Notes

Integration guide for capturing and analyzing wireless traffic from Silicon Labs hardware using Wireshark with Simplicity Device Manager (SDM).

### Release Summary

#### Key Features

##### Added in 1.0.0

- **SDM Extcap Integration**: External capture interface setup through SDM for Wireshark integration.
- **Protocol Dissectors**: Complete dissection including Silicon Labs proprietary layers for Wi-SUN, Zigbee, and Thread protocols.
- **Dual Setup Methods**: Configure integration through SDM UI or command-line interface.
- **Capture Interface Management**: Create and manage capture interfaces for grouping and capturing from multiple adapters.
- **Comprehensive FAQ**: Troubleshooting guide covering offline analysis, decryption key configuration, display filters, adapter discovery, and capture interface issues.

#### Bug Fixes

##### Fixed in 1.0.0

- None - Initial release

#### Removed/Deprecated Features

- None

#### Known Issues and Limitations

- **Protocol Support**: Supported protocols are limited to those that have dissectors available in Wireshark.
- **SDM Capturing Bugs**: Known capturing bugs in Simplicity Device Manager might affect capture functionality.

## Getting Started with Wireshark for Silicon Labs Hardware

This guide explains how to install and configure Wireshark for use with Silicon Labs hardware using Simplicity Device Manager (SDM).

### Prerequisites

Before you begin, ensure you have the following components installed or available.

|Component|Requirement|
|---|---|
|**Hardware**|Silicon Labs WSTKs (Series 1 and above)|
|**Wireshark**|Version 4.6.0 or later|
|**SDM**|Simplicity Device Manager 0.100.18 or later|

### Installation Guide

#### Step 1: Install Wireshark 4.6.0 or later

> **Important:** Only Wireshark versions 4.6.0 and later include the Silicon Labs dissector.

**Download Wireshark 4.6.0 or later**
Go to [https://www.wireshark.org/download.html](https://www.wireshark.org/download.html) and download the development release for your operating system.

#### Step 2: Install Simplicity Device Manager (SDM)

**Option A: Simplicity Installer UI**

Find and install Simplicity Device Manager using the Simplicity Installer. See [Install a Tool](https://docs.silabs.com/ssv6ug/latest/ssv6-analysis-tools-overview/install-tool) in the Simplicity Studio 6 Users Guide.

**Option B: SLT-CLI**

[Install SLT](https://docs.silabs.com/command-line-development/latest/ssv6-slt-cli/install-slt), then:

```bash
slt install sdm
```

**Add `sdm` to your PATH**

To use `sdm` from any terminal (for example in Step 3), add the SDM install folder to your PATH. After installation it is under your user home at:

`~/.silabs/installs/archive/sdm-<os>-<arch>`

Use `<os>` = `darwin` (macOS), `linux`, or `windows`, and `<arch>` = `x64` or `arm64` for your CPU. Examples: `sdm-darwin-arm64`, `sdm-linux-x64`, `sdm-windows-x64`.

On Windows, `~` is your user profile (for example `%USERPROFILE%\.silabs\installs\archive\sdm-windows-x64`).

#### Step 3: Configure SDM Extcap for Wireshark

Once SDM is installed, you need to set up the external capture integration with Wireshark.

##### Method A: Setup Through SDM UI

1. **Start the SDM Server**  
   If the SDM server is not running, the UI prompts you to start it when needed.
2. **Navigate to Capture View**  
   From the navigation bar on the left, go to the **Capture** view.
3. **Configure Wireshark Integration**  
   Click **Set up Wireshark** at the top of the interface.  
   ![Wireshark Setup](/wireshark-getting-started/0.1/images/wireshark-setup.png)
4. **Launch Wireshark**  
   After setup successfully completes, the button label will change to **"Run Wireshark"**. Click this button to launch Wireshark through the SDM UI.

##### Method B: Setup Through SDM CLI

1. **Start the SDM server.**  
   ```bash
   sdm server start
   ```
2. **Register SDM extcap.**  
   ```bash
   sdm extcap setup
   ```
3. **Verify the configuration.**  
   ```bash
   sdm wireshark locate
   ```
4. **Launch Wireshark.**  
   ```bash
   sdm wireshark start
   ```

### Verification

After completing the setup, verify that:

- Wireshark launches successfully.
- Silicon Labs adapters appear as available capture interfaces.
- The Silicon Labs dissector is available for protocol analysis.

### Next Steps

After configuring Wireshark with SDM, you can:

- **[Start Capturing](wireshark-capture-index)** - Learn how to capture traffic using UI or CLI methods
- **[Check the FAQ](wireshark-faq-index)** - Find solutions to common issues and advanced configuration tips

### Troubleshooting

If you encounter issues during setup, see the [FAQ section](wireshark-faq-index) for troubleshooting guidance and subnet configuration instructions.

## Frequently Asked Questions

This section provides answers to common questions and troubleshooting guidance for using Wireshark with Silicon Labs hardware.

### Working with Capture Files

**Q: Can I analyze previously captured files?**

Yes, Wireshark can open SDM-generated `.pcapng` files directly for offline analysis. These capture files support:

- Full protocol dissection
- Advanced filtering capabilities
- All Wireshark analysis features

To open a file, select **File → Open** in Wireshark to choose any `.pcapng` file generated by SDM.

### Decryption Key Configuration

**Q: How do I view encrypted traffic?**

To decrypt and analyze encrypted network traffic, configure the appropriate keys in Wireshark:

#### Zigbee Networks

1. Navigate to **Preferences → Protocols → Zigbee**.
2. Select **Pre-configured Keys**.
3. Add Network (NWK) and Link Keys as needed.

#### Thread Networks

1. Navigate to **Preferences → Protocols → ieee802154**.
2. Select **Decryption Keys**.
3. Add the NWK Key with **Key Hash: Thread Hash**.

#### Wi-SUN Networks

1. Navigate to **Preferences → Protocols → ieee802154**.
2. Select **Decryption Keys**.
3. Add the NWK Key with **Key Hash: No Hash**.

### Display Filters

**Q: How do I filter captured packets?**

Wireshark provides powerful filtering capabilities:

#### Quick Method

1. Right-click on any field in a captured packet.
2. Select **"Apply as Filter"** or **"Prepare as Filter"**.
3. Wireshark automatically creates the appropriate filter.

#### Manual Filtering

Refer to the [Wireshark Display Filters documentation](https://wiki.wireshark.org/DisplayFilters) for comprehensive filtering syntax.

#### Common Filter Examples

```text
# Show only Zigbee traffic
zbee_nwk

# Show specific device traffic
wpan.src64 == 00:12:4b:00:12:34:56:78

# Show only data frames
wpan.frame_type == 0x1
```

### Adapter Discovery Issues

**Q: My expected adapters are not showing up. What should I do?**

If adapters are not detected over Ethernet, configure the subnet settings:

#### Method 1: Using CLI

```bash
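sdm config set -t discovery.subnetConfiguration -v 10.4.178.22 "10.4.178.*" 10.4.178.0/255.255.255.0
```

Replace the IP addresses with your network configuration. Keep wildcard entries quoted so the shell passes the `*` through to `sdm` instead of expanding it.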

#### Method 2: Using SDM UI

1. Launch the SDM UI.
2. Navigate to **Settings**.
3. Go to **Subnet Configuration**.
4. Add your network subnets.

#### Subnet Configuration Examples

```text
# Individual IP address
192.168.1.100

# Range of IP addresses
192.168.1.20-29

# IP range with wildcard
192.168.1.*

# Subnet with netmask
192.168.1.0/255.255.255.0
```
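
The following is an added example, not Silicon Labs code: a pre-flight check that validates the four entry formats above and reports how many addresses they cover, so the discovery scope is visible before `sdm config set` is run. The helper names are hypothetical, and rejecting a base address with host bits set is a choice made in this example, not documented SDM behavior.

```python
import ipaddress
import re
import shlex

# Hypothetical helper names; only the four entry formats and the
# `sdm config set` command line come from the page.
_LAST_OCTET = re.compile(r"((?:\d{1,3}\.){3})(\*|\d{1,3}(?:-\d{1,3})?)")


def classify(entry):
    """Return (kind, number_of_addresses) or raise ValueError."""
    if "/" in entry:
        mask = entry.split("/", 1)[1]
        # strict=True rejects host bits set in the base address.
        net = ipaddress.IPv4Network(entry, strict=True)
        # ipaddress also accepts /24 and host masks; the page documents
        # only dotted netmasks, so require an exact netmask match.
        if str(net.netmask) != mask:
            raise ValueError(f"not a dotted netmask: {entry!r}")
        return "netmask", net.num_addresses
    m = _LAST_OCTET.fullmatch(entry)
    if not m:
        raise ValueError(f"unrecognised entry: {entry!r}")
    prefix, last = m.groups()
    if last == "*":
        ipaddress.IPv4Address(prefix + "0")  # validates the first three octets
        return "wildcard", 256
    lo, sep, hi = last.partition("-")
    first = ipaddress.IPv4Address(prefix + lo)  # raises on octets > 255
    if not sep:
        return "single", 1
    end = ipaddress.IPv4Address(prefix + hi)
    if end < first:
        raise ValueError(f"reversed range: {entry!r}")
    return "range", int(end) - int(first) + 1


def build_command(entries):
    """Validate every entry, then return (shell_line, total_addresses)."""
    total = sum(classify(e)[1] for e in entries)
    argv = ["sdm", "config", "set", "-t",
            "discovery.subnetConfiguration", "-v", *entries]
    # shlex.join quotes the wildcard so the shell cannot glob-expand it.
    return shlex.join(argv), total
```

`build_command` raises `ValueError` on the first malformed entry, so nothing is handed to `sdm` unless every entry parses.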

### Capture Interface Issues

**Q: I can't see my adapters or capture interfaces**

If your Silicon Labs adapters are not appearing as capture interfaces in Wireshark:

1. **Verify Setup Configuration**  
   Review the [Getting Started guide](wireshark-start-index) to verify proper setup and ensure all installation steps were completed correctly.
2. **Refresh Capture Interfaces**  
   In Wireshark, refresh the interface list by going to **Capture → Refresh Interfaces**.
3. **Check SDM Connection**  
   Ensure the SDM server is running and properly connected to your adapters.

### Additional Support

If you continue to experience issues:

1. Review the [Getting Started guide](wireshark-start-index) to verify proper setup.
2. Review the [Capturing guides](wireshark-capture-index) for step-by-step instructions.
3. Contact Silicon Labs support and include specific error messages and system information.

## Capturing

### Capturing Network Traffic

This section provides comprehensive guides for capturing network traffic from Silicon Labs hardware using Wireshark integrated with Simplicity Device Manager (SDM).

#### Available Capture Methods

Choose the method that best fits your workflow:

##### [UI-Based Capturing](capturing-ui)

Use the SDM graphical interface to:

- Visually manage adapters and capture interfaces.
- Configure adapters using drag-and-drop actions.
- Easily set up single or multi-adapter captures.

##### [CLI-Based Capturing](capturing-cli)

Use SDM command-line tools for:

- Scripted and automated workflows.
- Programmatic capture interface management.
- Integration with development pipelines.

#### What You Can Capture

Both methods support capturing traffic from:

- **Single adapters** - Monitor traffic from one specific device.
- **Multiple adapters** - Aggregate traffic from multiple devices into a single capture stream.
- **Supported protocols** - Wi-SUN, Zigbee, and Thread.

#### Before You Start

Complete the [Getting Started](wireshark-start-index) setup guide to ensure Wireshark is properly configured with SDM.

#### Need Help?

See the [FAQ section](wireshark-faq-index) for troubleshooting common issues and advanced configuration options.

### Capturing Traffic Using SDM UI

This guide explains how to capture network traffic using the Simplicity Device Manager (SDM) user interface (UI) with Wireshark.

#### Prerequisites

Before starting, make sure that:

- The SDM server is running.
- Wireshark is properly set up with SDM. For more information, see the _Getting Started_ guide.

#### Capturing from a Single Adapter

##### Step 1. View Available Adapters

Navigate to the **"Devices"** view in SDM or check the adapters listed below the navigation menu.

![SDM Devices View](/wireshark-capture/0.1/images/sdm-device-view.png)

> **Note**: If you don't see the expected adapters, see the [FAQ section](wireshark-faq-index) for subnet configuration instructions.

##### Step 2. Launch Wireshark

Open Wireshark through SDM. The adapters listed in the **Devices** view should appear as available capture interfaces.

##### Step 3. Start Capturing

1. In Wireshark, select an adapter to begin capturing.
2. Select any packet to view detailed protocol dissection.

![Adapter List](/wireshark-capture/0.1/images/ws-adapter-list.png)

##### Step 4. Complete the Capture

When you finish analyzing traffic:

1. Stop the capture.
2. Save the capture file for future analysis.

![Live Capture](/wireshark-capture/0.1/images/ws-live-capture.png)

#### Capturing from Multiple Adapters (Capture Interface)

##### Step 1. Create a Capture Interface

1. Navigate to the **"Capture"** view in SDM.
2. Click the **"+ New Capture"** button at the top to create a new capture interface.  
   > **Tip**: If no capture interfaces exist, SDM prompts you to create one automatically.

##### Step 2. Add Adapters to the Capture Interface

Drag and drop the desired adapters from the available list into your preferred capture interface.

![SDM Capture View](/wireshark-capture/0.1/images/sdm-capture-view.png)

##### Step 3. Start Multi-Adapter Capture

1. Open Wireshark.
2. The capture interface you created should appear as an available interface.
3. Select it and start capturing.

![CI List](/wireshark-capture/0.1/images/ws-ci-list.png)

##### Step 4. Monitor and Complete

1. Observe traffic captured from multiple adapters simultaneously.
2. When you finish, stop and save the capture.

#### Next Steps

- Learn about [CLI-based capturing](capturing-cli).
- See the [FAQ](wireshark-faq-index) for troubleshooting and advanced configuration options.

### Capturing Traffic Using SDM CLI

This guide explains how to capture network traffic using the Simplicity Device Manager (SDM) command-line interface (CLI) with Wireshark.

#### Prerequisites

Before you begin, make sure that:

- SDM is installed and configured.
- Wireshark is properly set up to work with SDM. For more information, see the _Getting Started_ guide.

#### Capturing from a Single Adapter

##### Step 1. Start the SDM Server

```bash
sdm server start
```

##### Step 2. List Available Adapters

```bash
sdm adapter list
```

> **Note**: If you don't see the expected adapters, see the [FAQ section](wireshark-faq-index) for subnet configuration instructions.

##### Step 3. Launch Wireshark

```bash
sdm wireshark start
```

The adapters listed in step 2 should appear as capture interfaces in Wireshark.

##### Step 4. Start Capturing

1. In Wireshark, click on an adapter to begin capturing.
2. Select any packet to view detailed protocol dissection.

![Adapter List](/wireshark-capture/0.1/images/ws-adapter-list.png)

##### Step 5. Complete the Capture

When you finish analyzing traffic:

1. Stop the capture.
2. Save the capture file for future analysis.

![Live Capture](/wireshark-capture/0.1/images/ws-live-capture.png)

#### Capturing from Multiple Adapters (Capture Interface)

##### Step 1. Start the SDM Server

```bash
sdm server start
```

##### Step 2. Create a Capture Interface

```bash
sdm ci create --name <my_interface>
```

Replace `<my_interface>` with a descriptive name for your capture interface.

##### Step 3. Add Adapters to the Capture Interface

```bash
sdm ci add -c <my_interface> -a <adapter_1_id>
sdm ci add -c <my_interface> -a <adapter_2_id>
# Repeat for additional adapters as needed
```

Replace the placeholders with the following:

- `<my_interface>`: The name you created in step 2.
- `<adapter_X_id>`: The ID of each adapter (from `sdm adapter list`).

##### Step 4. Start Multi-Adapter Capture

1. Open Wireshark (if it's not already open).
2. The capture interface you created should be listed as an available interface.
3. Select it and start capturing.

![CI List](/wireshark-capture/0.1/images/ws-ci-list.png)

##### Step 5. Monitor and Complete

1. Observe traffic captured from multiple adapters simultaneously.
2. When you are finished, stop and save the capture.

#### Next Steps

- Learn about [UI-based capturing](capturing-ui).
- See the [FAQ](wireshark-faq-index) for troubleshooting and advanced configuration options.